Microsoft plans to bundle a cryptographically flawed pseudo random number generator in its upcoming service pack for Windows Vista.
Cryptographers have expressed concern about a possible backdoor in a standard for random number generators approved by the National Institute of Standards and Technology (NIST) this year.
The …

a better system already exists...

re: Think of the terrorists!!!!!

I am almost sure that Cameron was being sarcastic. I just wanted to add my €0.02 by saying that whenever someone next to me says with a straight face "If you're innocent you've got nothing to hide!", I usually reply, "yes, but when I send emails to friends with my opinion about you, you wouldn't want the rest of the world to know what a complete arsehole you are, would you?"

The Secrecy Flaw....... or is it a glass ceiling?

Secrecy invariably is used because harm can ensue from what is being developed and then concealed. It is always never good for who would ever want to conceal something good. Ergo is secrecy bad?

And yes I know that there are "good" secrets too which are secrets just to make money but they are hardly good either given that they are hidden just for that exclusive sake.

If everyone knew everything the world would be a better place for then there would be so much more to do than harm although whether man is smart enough for such simplicity/complexity is debatable. Some can't even spell their name or add simple figures which limits them to ........ well, it limits them in the wider world, which is sad and a failing in Societies that would think to call themselves educated/civilised/modern/21st century. ...... although are we not all of the same age or are some societies in a completely different Age/Time Zone/GeoSpatial Anomaly?

Suspected RNG doesn't have to be used

The referenced RNG is required to be available/installed on any OS or software expecting to get used by US government computers or subcontractors. For that reason alone, you can expect it to be available in many popular OSs and software products. However, its use isn't required.

Microsoft decided to make its use optional. It isn't the default. That fact, coupled with widespread news of its inherent weaknesses, means it's highly doubtful anyone will use it.

So, it's an issue that it is required to be installed at all, but who would require its use? Not Microsoft. A Microsoft employee, Niels Ferguson, is one of the co-authors of the original paper discussing the weaknesses. I don't see anyone using it when there are other more reliable and trusted RNGs. Hopefully it will die a natural death.

Physics based RNG and terrorists

There is a problem with using true random numbers in encryption: you can only use them as a one-time pad, i.e. as a key as large as the cyphertext, precisely because the receiver cannot predict the next random number in the sequence. Being able to do such a prediction based on a relatively small key (or public/private key pair, see RSA) is essential for decoding. When a true random number generator is used, the key (i.e. the true random sequence) must then be sent through a secure channel, which, if available, could have been used to send the message in the first place. Alternatively, you need to send a DVD full of true random bits to your associates, and progressively use that sequence. This is very secure (provably uncrackable) but a bit over the top. A better way still is using quantum cryptography.

Regarding terrorists: I have this image that they are simply disguising their messages as spam, and sending it to EVERYONE, including the NSA and the like. In the midst of all their mortgage proposals and the like, there are coded messages that those in the know can decode.

@James Hunter

Re: Is it any wonder?

"Stop thinking Microsoft is some bloke down the pub, I'm sick of the sympathy when their rap sheet reads worse than a brutal industry rampage murdering spree."

Do you truly think Microsoft are worse than companies that commit corporate manslaughter? They're worse than companies hard at work deforesting the globe? Surely you jest? I can't think of the last time Microsoft Office killed anyone, I mean at least World of Warcraft has some recorded deaths.

All these people who call Microsoft evil seem to have a really skewed idea of what is evil. I mean I'm sure there's plenty of people considering suicide because Microsoft don't conform to some Open standards but I think the world is probably better off without them. Then everyone who is left will perhaps gain some perspective about what is important in the world.

do the other 3 algos also have back doors?

Lack of proof of back door is not proof of lack of backdoor.

The researchers figured out that one of the 4 random number generators had a back door in it. They did not figure out YET any backdoor in the other 3, and have not proved there is no backdoor in the other 3.

This algo is not needed in the OS at all, the claim it is needed for government work is bogus. The claim it is optional is unproven.

The best thing to do is to generate a one time pad by digitizing white noise into a file so you have a large enough file to only use the numbers once. (or the hardware solutions to this are also good if from a trusted supplier).
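The one-time pad that the "Physics based RNG" post and the post above both describe, as an added example that is not part of the original thread: a pre-shared pad of random bytes consumed front to back, so each pad byte is used exactly once, plus a function showing what an observer learns if the same pad bytes are ever reused (the pad cancels out and only the XOR of the two plaintexts remains). The class name `OneTimePad` and the use of `os.urandom` as a stand-in for the "DVD full of true random bits" are this example's own choices.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """A pre-shared pad consumed front to back, one pad byte per message byte.

    Both parties hold an identical copy of `pad` and keep their own offset;
    each byte is used exactly once and is then gone for good, which is why
    the pad has to be at least as long as everything sent with it.
    """

    def __init__(self, pad: bytes):
        self.pad = pad
        self.offset = 0

    def remaining(self) -> int:
        return len(self.pad) - self.offset

    def take(self, n: int) -> bytes:
        if n > self.remaining():
            raise ValueError("pad exhausted: a one-time pad needs as many key bytes as message bytes")
        chunk = self.pad[self.offset:self.offset + n]
        self.offset += n
        return chunk

    def encrypt(self, plaintext: bytes) -> bytes:
        return xor_bytes(plaintext, self.take(len(plaintext)))

    def decrypt(self, ciphertext: bytes) -> bytes:
        # Decryption is the same XOR with the same pad bytes, so the receiver
        # must consume its copy of the pad in exactly the sender's order.
        return xor_bytes(ciphertext, self.take(len(ciphertext)))


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If two ciphertexts were made with the same pad bytes, c1 XOR c2 equals
    m1 XOR m2: the pad cancels out and the observer sees plaintext structure."""
    return xor_bytes(c1, c2)


def demo() -> bool:
    pad = os.urandom(64)  # constructed stand-in for a pad of true random bits
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    m1 = b"meet me at noon"
    c1 = alice.encrypt(m1)
    ok = bob.decrypt(c1) == m1
    # Misuse: a second message XORed with the *same* first pad bytes.
    m2 = b"meet me at dusk"
    c2 = xor_bytes(m2, pad[:len(m2)])
    return ok and pad_reuse_leak(c1, c2) == xor_bytes(m1, m2)
```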

Re: Physics based RNG and terrorists

The reason you rarely see TRNG used is not due to the reasons you stated. The reason, aside from the specialized hardware requirements not present in standard PC platforms, is that you need to also provide a pseudorandom number generator to be used during the debugging process where you need to be able to reproduce the random number sequence.

Re:Re:Is it any wonder

How many suicide notes have been prepared on Word, come to that how many threatening letters, MS is responsible for at least 50% of the bad news that drops through your letterbox every morning and you say Word has never hurt anyone????

Nothing to hide

""So, you don't have curtains then?" is my usual reply to that particular piece of nonsense."

The alternative, if you're in their house or otherwise have immediate access to their possessions, is to just start rifling through them on the spot, then when challenged, simply state that they have nothing to hide. It's even better if you can find something intensely personal like a journal/bank statement/love letter/copy of Britney Spears' latest album to hand.

Okay, I admit it, I haven't actually done this yet. Still waiting for someone to say it to me since I thought of it.

Re:Re:Is it any wonder

Microsoft does not directly kill people.

However, they have managed to foist their software into places which are incompatible with their warranty - you know, the one that says it should never be entrusted with people's lives? Yet Microsoft's sold many site licenses to both hospitals and manufacturers of medical equipment, and Windows CE is the embedded OS for numerous medical devices. Microsoft *knew* what those companies did before they signed those deals. Personally, I feel the other party in each of those deals was more responsible, because they should have known Microsoft's record, and were frequently (if not always) required to certify compliance periodically with regulations which read to me as 'Do not use Microsoft-grade software'.

For what it's worth, I do not know that anyone I know has died because of a medical device running Windows CE having an OS problem. The one case where I have a suspicion, it was really just a matter of time anyway. But I have talked with geeks in the medical industry who have had access to said devices (some of them even made said devices) who were able to attest that the version of Windows CE on them was no different than the version that they had on some other consumer device.

However, I've also seen a situation where hospital staff were presented additional difficulty in responding to emergency situations, because their computers had locked up. Nobody died in the situation I witnessed - but only because some incredibly good, incredibly skilled people violated the procedures they were supposed to follow to address the situation. (Note: one of them was one of the people who set up those procedures; the others did not violate them until he indicated that they needed to and it was appropriate in this case.) Actually, possibly the biggest issue I have with Microsoft in this case: they'd worked a deal with the hospital to get their software at a significant discount - but only if it was used for all of the systems. IMHO, a hospital should not be using the same software on its primary and backup systems; instead, they should be provided by competing organizations which follow the same standards, and certify their products to work with each other. (For those who may lack reading comprehension, just having an industry which has two such companies is not viable - if every hospital was a customer of both of those companies, the companies aren't really competing, are they?)

Oh, and finally, have you checked out Microsoft's investment portfolio? I've heard it's a killer... For that matter, so was the Bill and Melinda Gates Foundation, last time I checked.

Michael H.F. Wilkinson

"When a true random number generator is used, the key (i.e. the true random sequence) must then be sent through a secure channel, which, if available could have been used to send the message in the first place"

Not quite true. The existing secure channel is (normally) public/private key encryption (or asymmetric encryption) such as RSA. The problem with this is that it's very computationally expensive to have a channel remain on this. The asymmetrically encrypted channel is used to exchange the agreed random key which is then used to create a private key encryption (symmetric encryption) which needs much less processing overhead.

Granted, this relies on the public key already being known without interference. However it's relatively quick and easy to do, such as sending the public key and then using another method (phone, text) to send the hash for the public key. This provides a secure channel without the overhead of asymmetric encryption calculations or the overhead of sending a large key by other means (disk via the post, reading out an extraordinarily long number on the phone, sending multiple texts). From memory, this is the loose definition of how SSH works.

Phew! Knew that course at uni would come in handy some day! Invitations to pick holes in the above by request only... :-)

Selling string vests to the Eskimos

Given that technically there is no such thing as a random number, then why is everybody crying about what they don't fully understand and blindly accepting what somebody else has said?

If people are that worried then make a nice USB2 or PCI(e) hardware card that generates random numbers and sell that, making a lot of profit. That said, in reality a lot of people cry foul but rarely do they do more than that.

So on that note I declare Microsoft the official ice-cube and thermal string vest seller to all polar regions.

PS if you're really really worried about this - start a petition to the prime minister of the UK; 1000 votes gets you a good answer, collect over 50,000 votes and you get an even better answer - collect a full 1,000,000 votes and you will get the true answer and possibly a patch for the UK. It's all about perception, make your perception known if you're worried about it and have a legit reason. Me, I'll note it and carry on using my OpenBSD box for issues of the heart.

@AMFM

Hardware PRNG

I thought hardware based PRNG was already floating around on some platforms - in those TPM chips Vista Ultimate insists on for BitLocker drive encryption and in VIA's PadLock on-CPU security platform, the latter at least samples on-chip electrical noise, so unless the NSA have a back door to the basic laws of physics too...

@Andrew

> gain some perspective about what is important in the world.

Well, here's some perspective for you about what's important in *this* world, the IT-related world:

S T A N D A R D S

You know - those boring & openly shared, discussed and approved details which ensure 'thing A' can work fully with 'thing B' irrespective of its source, and precisely the sort of thing Microsoft works hard to avoid so only *their* proprietary "standard" exists - and the rest of the world can either conform or go hang.

Re: Microsoft 'standard compliance'

Standards exist so that everyone can do something the same way. This is great for documents and protocols but there's no compelling reason to define a standard for random number generation. As long as your numbers are random, your method is not important, and when someone suggests we all agree on a method of generating pseudorandom numbers surely you've got to wonder who stands to benefit from the adoption of that standard?

Conforming to standards is always in someone's interest. Shame Microsoft only seem capable of managing this feat when it's not in their customers' interest.

PS: Isn't amanfrommars doing well these days? If it wasn't for that gibberish about 'good answer' in response to petitions to the Prime Minister that could have been a Turing Test beater...

Re: Digital Fortress

@BitTwister

Why should Microsoft conform to other people's standards? Why don't Apple and Creative have to conform to a common interface for their mp3 players? To lock people into their format, that's why. Every company does it, just some are more successful than others. Microsoft have become so successful at achieving lock-in that they're now a natural monopoly. Does this status mean they should be compelled to Standards other people set? Of course it doesn't, they are a private company and they can do whatever they like within the law (or outside the law if the fines are small enough, see antitrust lawsuits)

Now I'm not a Microsoft apologist, I run a small business, we run Linux, develop on Java and make extensive use of open source frameworks. Even in doing this there's lock-in being attempted by the projects we use. But in the end most IT systems are closed loops, so although standards are great they don't actually have much effect on most users. For IT systems the big watch words should always be Quality Control, you can get on Microsoft's back about that but not standards which don't matter.

@ Andrew - standards which don't matter

@JimC

I am using a web browser, and guess what, it doesn't conform to all the standards laid down in all the web specifications. It conforms to most of them and renders every webpage as I would expect. Would a totally compliant browser be better? Possibly, but the effect of not being totally compliant is negligible.

@Andrew

> Why should Microsoft conform to other peoples standards?

Firstly, they're not "other peoples" [sic] standards, they're everyone's standards. That's the whole point of a standard: everyone knows how it works and everyone can make something to use it - so everyone can benefit. And contribute improvements to it if necessary.

Secondly, in relation to IT-related standards, Microsoft are playing amongst the big boys now so it really ought to learn how to behave and simply co-operate instead of attempting to embrace and extinguish existing, well-documented and well-used standard methods.

> Why don't Apple and Creative have to conform to a common interface for their mp3 players?

I think you miss the point here. Having buttons arranged in a certain way on a player can't really be defined as a standard in the sense of web page encoding standards, or (say) communication standards. Button arrangement is more of an aesthetic matter, and what a user needs to jab in order to play a track isn't really in the same league as a web page which is designed to render correctly on only one breed of browser. 'WWW' is 'World Wide', not 'Windows Wide'.

> Microsoft have become so successful at achieving lock-in that they're now a natural monopoly.

You seem to state this depressing state of affairs as if it's some sort of worthwhile and laudable achievement - but in reality it's just a suppressive tactic to crush fair competition by weight of numbers alone. Microsoft's "innovations" (the VERY few it can actually claim any credit for) are mediocre at best and if forced to play on a level playing field, it would likely have faded away long ago.

> Does this status mean they should be compelled to Standards other people set?

Yes of course it does, if Microsoft expects to play with others already using those standards. To do otherwise is merely arrogant and disruptive. Besides, there's nothing stopping Microsoft from contributing to existing standards or originating their own - but the recent debacle with its efforts to force a poisoned and proprietary document pseudo-standard into becoming an ISO standard illustrates very clearly why Microsoft MUST conform to standards. Yet even when it tries to launch a standard it demonstrates in one stroke that it has no understanding of an open standard and that it is only interested in its own agenda.

> they are a private company and they can do what ever they like within the law

Of course - but oafish bullying shouldn't be tolerated, and neither should clumsy take-overs of WWW standards which cause compliant browsers to render pages incorrectly.

> although standards are great they don't actually have much effect on most users.

Try telling that to someone creating Redbook-compliant audio CDs.

> For IT systems the big watch words should always be Quality Control

Which in any IT department worth its salt would include standards compliance - even if that only means conforming to an internal corporate standard of dealing with information.